/**
 * 
 */
package com.witframework.baseapp.security.controller;

import org.apache.commons.lang.StringUtils;
import org.springframework.stereotype.Component;

import com.witframework.PropertiesConstants;
import com.witframework.baseapp.security.BaseUser;
import com.witframework.baseapp.security.UserSession;
import com.witframework.baseapp.security.system.DefaultLogger;
import com.witframework.core.ApplicationProperties;
import com.witframework.core.SerialChecker;
import com.witframework.core.WitFrameWork;
import com.witframework.core.log.AuditLogger;
import com.witframework.core.logic.IBaseService;
import com.witframework.web.mvc.WebContext;

/**
 * @author wuxinyang
 * Jul 1, 2009 4:49:09 PM
 * 
 */
@Component
public class LoginController {
	private String login="classpath:/com/witframework/webroot/framework/security/login.jsp";
	public String executor(WebContext webContext) {	
		String loginPage=ApplicationProperties.getProperty(PropertiesConstants.SECURITY_LOGIN_PAGE);
		if(StringUtils.isNotEmpty(loginPage))
			login=loginPage;
		if(webContext.getSessionAttribute("UserSession")!=null)
			return "redirect:"+webContext.getContextPath();
		String target=(String)webContext.getSessionAttribute("target");
		String command=webContext.getParameter("command");
		if(command!=null&&command.equals("login")){
			String txtLogin=webContext.getParameterAndsetAttribute("txtLogin");
			String txtPassword=webContext.getParameter("txtPassword");		
			if(StringUtils.isNotEmpty(txtLogin)&&StringUtils.isNotEmpty(txtPassword)){
				String defaultTarget=login(webContext);
				if(defaultTarget==null)
					return login;
				return "redirect:"+(StringUtils.isEmpty(target)?defaultTarget:target);				
			}else{
				if(StringUtils.isEmpty(txtLogin)){
					webContext.setAttribute("errorMsg","请输入用户名");
				}else{				
					if(StringUtils.isEmpty(txtPassword)){						
						webContext.setAttribute("errorMsg","请输入密码");
					}
				}
				return login;
			}
		}else{
			return login;
		}
	}
	private String login(WebContext webContext){
		try{
			SerialChecker.check();
		}catch(Exception e){
			webContext.setAttribute("errorMsg",e.getMessage());
			return null;
		}
		String txtLogin=webContext.getParameter("txtLogin");
		String txtPassword=webContext.getParameter("txtPassword");		
		IBaseService service=WitFrameWork.getSimpleBaseService(BaseUser.class);
		BaseUser user=(BaseUser) service.getBy("username", txtLogin);
		
		
		if(user==null){
			webContext.setAttribute("errorMsg","用户名不存在");
		}else{
			if(!user.getPassword().equals(txtPassword)){
				webContext.setAttribute("errorMsg","错误的用户名或密码");
			}
			else{
				UserSession us=new UserSession(user);				
				webContext.setSessionAttribute("UserSession", us);
				AuditLogger auditLogger=new DefaultLogger();
				auditLogger.info(user.getUsername(),new java.util.Date(), "0", "成功",
						new java.util.Date(), webContext.getHttpRequest().getRemoteAddr(),
						"登录系统", "","");
				String target=(String)webContext.getSessionAttribute("target");
				if(StringUtils.isNotEmpty(target))
					return "redirect:"+target;	
				return webContext.getContextPath();
			}
		}
		return null;
	}
}
